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(57) Abstract 

Procedure for setting up a secure service connection in a telecommunicadon system comprising a first telecommunicadon network 
(1), a first terminal device (2) connected to the first telecommunication network, a second telecommunicadon network (3), a second terminal 
device (4) connected to die second teleccnmiunication network, and a telecommunicadon server (5). in which procedure the first temiinal 
device is connected via a first telecommunication connecHon (6) to die telecommunicadon server and the second terminal device is connected 
to the telecommunicadon server via a second telecommunicadon connection (7). In an embodiment of die invendon, the unique address 
of die first terminal device (2) and the data needed for die verification of informadon giving die first terminal device (2) access to the 
services of die telecommunication server (5) are transmitted via the second terminal device (4); die data sent by the second terminal device 
are verified in die telecommunicadon server, and the first telecommunication connection (6) from the telecommunicadon server to the first 
terminal device is set up based on the verification and the address data received if the first terminal device has the required right of access 
to the services of the telecommunication server. 
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PROCEDURE FOR SETTING UP A SECURE SERVICE CONNECTION 
IN A TELECOMMUNICATION SYSTEM 

The present invention relates to a procedure 
as defined in the preamble of claim 1 for setting up 
5 of a secure service connection in a telecommunication 
system, which may comprise e.g. the Internet and a te- 
lephone network or mobile communication network. 

The global data network, the Internet, is 
based on an open structure which practically anyone 

10 can join. In the network, each device included in the 
network has an individual name, an Internet name. The 
data link protocol used for communication over the In- 
ternet is TCP/IP (Transmission Control Proto- 
col/Internet Protocol) , in which TCP corresponds -to 

15 OSI layer 4 and IP to layer 3. OSI (Open System Inter- 
connection Architecture) is a standard defining how 
systems can be openly interconnected. In the OSI mo- 
del, telecommunication software is divided into sec- 
tions called layers. The principle is that the 

2 0 functions of the layer have been defined but the man- 

ner of implementation has been left open. For each 
layer, a specific interface has been defined, through 
which it communicates with the layers above and below 
it. The functions of a layer and those of the layers 
25 below it are called services. 

A common problem restricting the use of the 
Internet is that the security of certain network lay- 
ers consistent with the OSI model has not been stan- 
dardised or otherwise defined. Therefore, a connection 

3 0 set up via the. Internet between two computers or equi- 

valent terminals is unprotected, which means that in 
principle anyone who is connected to the network can 
receive messages sent between the two computers and 
read them. Correspondingly, anyone can send messages 
35 intended for someone else via a connection between two 
computers and thus disturb or otherwise impair the 
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security and privacy of users. For example, placing 
orders and making payments for services sold via the 
Internet is difficult. Likewise, reliable user identi- 
fication and connection setup are difficult and call 
5 for special arrangements 

In wired telephone networks and in mobile 
communication networks, advanced methods for encryp- 
ting a telecommunication connection or at least the 
data transmitted over the connection are used. Especi- 

10 ally in a mobile communication network such as the GSM 
network, the encryption of radio communication can be 
regarded as providing a very high level of security. 
Moreover, the GSM network standard allows the 
transmission of SMS or ESMS messages, so the informa- 

15 tion to be encrypted can be enciphered into the 
message at the transmitting end and deciphered at the 
receiving end. Such an arrangement can be regarded as 
providing a very high level of data security. 

Patent specification WO 94/11849 presents a 

2 0 mobile communication system in which the user of the 
system is authenticated locally, whereupon a secure 
connection is set up to a service provider or a tele- 
communication server. However, a problem in selling 
services and offering them via a telephone network or 

25 mobile communication network is that the service pro- 
vider has no way e.g. to graphically present the ser- 
vices or products in question. In addition, using or 
ordering services via a terminal in a telephone net- 
work or mobile communication network, i.e. via a te- 

30 lephone, is difficult. 

The object of the present invention is to 
eliminate the problems referred to above. 

A specific object of the present invention is 
to disclose a new type of procedure in a telecommuni- 

35 cation system comprising both a telephone network and 
a data network, which procedure allows reliable user 
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identification and provides a handy and easy way for 
the user to order services offered by the network. 

A further object of the present invention is 
to disclose a procedure in which the user can use or 
5 order products or services provided via the Internet 
regardless of his/her location and terminal device or 
computer connected to the Internet . 

As for the features characteristic of the 
present invention, reference is made to the claims. 

10 In the procedure of the invention for setting 

up a secure service connection in a telecommunication 
system comprising a first telecommunication network, 
preferably a data network or the Internet, a first 
terminal device, preferably a computer or equivalent, 

15 connected to the first telecommunication network, a 
second telecommunication network, preferably a te- 
lephone network and/or mobile communication network, 
and a second terminal device, preferably a telephone 
or mobile station, connected to the second telecommu- 

20 nication network, and a telecommunication server com- 
municating with both the first and the second telecom- 
munication networks, the first terminal device is con- 
nected via a first telecommunication connection to the 
telecommunication server and the second terminal devi- 

25 ce is connected via a second telecommunication connec- 
tion to the telecommunication server. 

According to the invention, the unique add- 
ress of a computer in a data network or in the Inter- 
net as well as the data needed for the verification of 

30 information giving the computer access to the services 
of the telecommunication server, such as the user 
identifier and password, are transmitted via a te- 
lephone or mobile station. The data thus sent are ve- 
rified in the telecommunication server and a first te- 

3 5 lecommunication connection from the telecommunication 
server to the first terminal device is set up based on 
the verification and the address data received if the 
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first terminal device or its user has the required 
right of access to the services of the telecommunica- 
tion server. The access right may also comprise a gi- 
ven sum of money used to buy service time at the tele- 
5 communication server or the access right may consist 
of a command to open a connection, in which case the 
command to close the connection is sent in a corres- 
ponding manner via the telephone or mobile station. 
The unique address may be the IP address or domain na- 

10 me of the computer. 

As compared with prior art, the present in- 
vention has the advantage that it makes it easy to ve- 
rify the Internet user*s right of access to services 
offered in the network and to pay for the services and 

15 products sold via the Internet. A further advantage of 
the invention as compared with prior art is that the 
user is not tied to a given computer or other corres- 
ponding data network terminal because the IP address 
from which the user is accessing the network is speci- 

2 0 fied each time a connection is set up. 

In an embodiment of the present invention, 
the second telecommunication connection to be es- 
tablished via a telephone network is set up as a secu- 
re connection in which all data transmitted via the 
25 connection is encrypted using a predetermined encryp- 
ting algorithm. Correspondingly, the data transmitted 
is decrypted in the telecommunication server and the 
data to be transmitted to the telephone is encrypted. 
On the other hand, the second telecommunication con- 

3 0 nection may also be a message switching connection, 

preferably an ESMS connection, in which case the con- 
nection is used to transmit encrypted message packets 
containing the above-mentioned address data and access 
right verification data. 
3 5 In an embodiment of the invention, a check is 

carried out in the telecommunication server to es- 
tablish whether the first and/or the second telecommu- 
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nication connection is active and. whether the user has 
a right of access to the services provided via the te- 
lecommunication server. In this case, the payments for 
the service and connection may be charged on the basis 
5 of duration of connection. 

In an embodiment of the invention, a fixed 
payment for the service is sent by telephone to the 
telecommunication server using e.g. known chargeable 
service number applications and the first telecommuni- 

10 cation connection is disconnected on expiration of the 
service time corresponding to the payment. 

In an embodiment, both connections are used 
in real time to buy a product or ser^/ice via the In- 
ternet by sending a purchase order via the first tele- 

15 communication connection and the computer and reser- 
ving the purchase price on the user's account via the 
second telecommunication connection and the telephone. 
Next, the telecommunication server is informed of the 
reservation of the purchase price, and when the user 

2 0 receives the product or service and accepts it, the 

transaction is acknowledged by telephone, whereupon 
the reserved sum is transferred to the seller. 

In the following, the invention will be 
described by the aid of a few preferred embodiments by 
25 referring tc the attached drawing, which presents a 
telecommunication system according to the invention. 

The drawing presents an example of a telecom- 
munication system in which the procedure of the inven- 
tion can be implemented. The telecommunication system 

3 0 shown in the drawing comprises the Internet 1 and a 

GSM telephone network 3. Moreover, a computer 2 is 
connected to the Internet and a mobile station 4 is 
connected to the GSM network. The service provider's 
telecommunication server 5 is connected both to the 
3 5 Internet and to the GSM network, and the computer 2 is 
connected via telecommunication connection 6 over the 
Internet to the telecommunication server while the mo- 
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bile station is connected to the telecommunication 
server via telecommunication connection 7 over the GSM 
network. 

It is to be noted that the networks and ter- 
5 minal devices presented here are only examples and 
that other devices and networks applicable can also be 
used in the procedure of the invention. 

The basic idea of the procedure of the inven- 
tion is that an open network, such as the Internet 1/ 

10 is used as a marketing and service channel in which 
products and services are presented, and the payments 
for desired products and services are; made using a te- 
lephone via a separate telecommunication connection 7. 

The Internet user, for whom a unique IP add- 

15 ress has been defined, sets up a connection to the te- 
lecommunication server 5 from his/her computer after 
he/she has either sent from the mobile station 4 a 
payment message, e.g. an ESMS message containing 
his/her user identifier encrypted in the data field in 

20 a manner known in itself, or set up an encrypted cir- 
cuit-switched connection 7 to the telecommunication 
server 5 and sent his/her user identifier via this 
connection. In the telecommunication server 5, the 
message received is decrypted and the first telecommu- 

25 nication connection 6 is related to the user's account 
or other record associated with the user. At inter- 
vals, the telecommunication server 5 checks whether 
the telecommu^nication connections 6, 7 are active and 
maintains call duration counters based on these 

30 checks. 

In an example, the payments for the char- 
geable services offered via the Internet are charged 
as follows. Using a service-specific counter in the 
telecommunication server, in which case the customer 
35 is charged e.g. on the basis of duration of connecti- 
on, the customer sends a fixed sum, which is stored in 
the counter. When the first telecommunication connec- 



wo 99/01990 



7 



PCT/FI98/00532 



tion 6 in the open network is set up, the counter is 
started, and when the counter detects that the stored 
fix sum has been exhausted, the first telecommunicati- 
on connection 6 is disconnected. After this, the cus- 
5 tomer is billed by this fixed sum. In another example, 
the connection time is paid for via continuous time 
charging, in which case the server has a service - 
specific counter which increases the sum to be charged 
until the user sends the server 5 a request to discon- 

10 nect the telecommunication connection 6. After this, 
the customer is billed by the sum indicated by the 
counter. A request to cancel the service is sent via 
the second telecommunication connection 7. 

In a third alternative, the product or servi- 

15 ce is presented to the customer via the first telecom.- 
munication connection 6, and after the customer has 
decided to buy, he/she uses the second telecommunica- 
tion connection 7 to pay for the product or service. 
Based on the payment, the product or service is deli- 

2 0 vered to the customer. In a fourth example, the pro- 
duct or service is paid via a mobile station. Using a 
mobile telephone 4 and a second telecommunication con- 
nection 7 in any one of the ways described above, the 
customer reserves a given sum on his/her account, and 

25 the service provider is notified of the reserved sum 
via the telecommunication server. Based on this noti- 
fication, the service provider can deliver the product 
or service to the customer and the customer acknow- 
ledges receipt of the product after accepting the de- 

30 livery. It is to be noted that in all the above 
examples the state of the payment can be displayed for 
the customer in real time using the first telecommuni- 
cation connection 6 and the computer 2. 

The invention is not restricted to the 

35 examples of its embodiments described above, but many 
variations are possible within the scope of the inven- 
tive idea defined by the claims. 
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CLAIMS 

1. Procedure for setting up a secure service 
connection in a telecommunication system comprising a 
first telecommunication network (1), a first terminal 

5 device (2) connected to the first telecommunication 
network, a second telecommunication network (3), a se- 
cond terminal device (4) connected to the second tele- 
communication network, and a telecommunication server 
(5) , in which procedure the first terminal device is 

10 connected via a first telecommunication connection (6) 
to the telecommunication server and the second termi- 
nal device is connected to the telecommunication ser- 
ver via a second telecommunication connection (7) , 
characterised in that 

15 the unique address of the first terminal de- 

vice (2) and the data needed for the verification of 
information giving the first terminal device (2) ac- 
cess to the services of the telecommunication server 
(5) are transmitted via the second terminal device 

20 (4); 

the data sent by the second terminal device 
are verified in the telecommunication server; and 

the first telecommunication connection (6) 
from the telecommunication server to the first termi- 
25 nal device is set up based on the verification and the 
address data received if the first terminal device has 
the required right of access to the services of the 
telecommunication server. 

2. Procedure as defined in claim 1, cha - 
30 racterised in that a secure telecommunication 

connection (7) is set up between the second terminal 
device and the telecommunication server (5) by encryp- 
ting the data transmitted via the connection using a 
predetermined encrypting algorithm. 
35 3. Procedure as defined in claim 1, cha- 

racterised in that the second telecommunication 
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connection (7) is set up as a message switching con- 
nection which is used to transmit encrypted message 
packets . 

4. Patient's respiration air as defined in 
5 any one of claims 1 - 3, characterised in 

that the message switching connection is used to 
transmit SMS and/or ESMS messages according to the GSM 
standard. 

5. Procedure as defined in any one of claims 
10 1-4, characterised in that a check: is car- 
ried out in the telecommunication server (5) to es- 
tablish whether the first and/or the second telecommu- 
nication connection (6, 7) is active and whether the 
user has a right of access to the services provided 

15 via the telecommunication server. 

6. Procedure as defined in any one of claims 
1 - 5, characterised in that, in the tele- 
communication server (5) , the duration of the first 
telecommunication connection (6) between the first 

20 terminal device and the service is measured and the 
user of the second terminal device (2) is charged on 
the basis of the duration. 

7. Procedure as defined in any one of claims 
1-6; characterised in that a fixed payment 

25 for the service is sent via the second telecommunica- 
tion connection (7) , on the basis of which the tele- 
communication server (5) disconnects the first tele- 
communication connection on expiration of the service 
time corresponding to the payment. 
30 8. Procedure as defined in any one of claims 

1-7, characterised in that 

a purchase order is transmitted via the first 
telecommunication connection; 

the purchase price is reserved on the user's 
35 account via the second telecommunication connection; 

the telecommunication server (5) is informed 
of the reservation; and 
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the transaction is acknowledged via the se- 
cond telecommunication connection by the customer. 

9. Procedure as defined in any one of claims 
1-8, characterised in that the first tele- 

5 communication network (1) is a data network and the 
first terminal device (2) comprises means for connec- 
ting the terminal device to the data network, 

10. Procedure as defined in any one of claims 
1-9, characterised in that the second te- 

10 lecommunication network (3) is a telephone network 
and/or mobile communication network and the second 
terminal device (4) is compatible with the telecommu- 
nication network and/or mobile communication network. 
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